const jwt = require("jsonwebtoken")
const groupModels = require("../models/group")

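/**
 * Koa-style middleware that gates API routes behind a signed token and a
 * per-group "disabled" flag.
 *
 * - `/api/login` and `/api/register` pass through without a token. The match
 *   is an exact comparison against `ctx.request.url`, so the same routes with
 *   a query string are NOT exempt and still require a token.
 * - Every other request must carry a token in the `Authorization` header. The
 *   header value is handed to `jwt.verify` as-is; no scheme prefix is stripped.
 * - A missing, unverifiable or claim-less token is answered with 401.
 * - A group whose `role_status` is 2, or a token whose group cannot be found,
 *   is answered with 403. Both cases fail closed: `next()` is never called.
 *
 * @param {object} ctx - Request context; reads `ctx.request.url` and
 *   `ctx.request.header.authorization`, writes `ctx.status` and `ctx.body`.
 * @param {Function} next - Invokes the downstream middleware.
 * @returns {Promise<void>}
 */
async function forbiden(ctx, next) {
    const url = ctx.request.url;
    const token = ctx.request.header.authorization;

    // Single place that writes a refusal, so the HTTP status and the body
    // `code` cannot drift apart.
    const deny = (status, msg) => {
        ctx.status = status;
        ctx.body = { code: status, msg };
    };

    if (url === "/api/login" || url === "/api/register") {
        await next();
        return;
    }

    if (!token) {
        deny(401, "禁止访问,不正规的访问请求");
        return;
    }

    let data;
    try {
        // NOTE(review): the signing secret is hard-coded in source, so anyone
        // who can read the repository can mint tokens this check accepts. It
        // has to match the value used where tokens are issued, so it is left
        // unchanged here; move both sides to configuration together.
        // NOTE(review): no `algorithms` allow-list is passed to verify; pin it
        // to whatever the issuing side signs with once that is confirmed.
        data = jwt.verify(token, "my_token");
    } catch (err) {
        // verify throws on a bad signature, an expired token or malformed
        // input. Previously that exception escaped this middleware instead of
        // producing an authentication failure.
        deny(401, "禁止访问,不正规的访问请求");
        return;
    }

    // A correctly signed token without a `root` claim would otherwise query
    // with `id: undefined`; what that matches depends on the model layer, so
    // refuse it instead of guessing.
    if (data == null || data.root == null) {
        deny(401, "禁止访问,不正规的访问请求");
        return;
    }

    const res = await groupModels.findOne({ "id": data.root });

    // Unknown group: previously a TypeError on `res.role_status`. Deny rather
    // than let a token that points at no group through.
    if (res == null) {
        deny(403, "禁止访问");
        return;
    }

    console.log("-----" + res.role_status + "----");

    // Status value 2 forbids every API. Number() keeps the numeric coercion of
    // the original loose comparison, so a stored "2" is still blocked.
    if (Number(res.role_status) === 2) {
        deny(403, "禁止访问");
        return;
    }

    await next();
}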
// CommonJS export: the access-control middleware is this module's only value.
module.exports = forbiden;